Fantomas is a favorite hacker of the Russian authorities

In the thick fog which still surrounds the hacking of the US Democratic party in 2016, his name was part of the little that went on public display. 29 Dec 2016 Evgeniy Bogachev was mentioned in the statement by the White house as one of the most dangerous Russian hackers.

That day, one of his last presidential mandate, President Barack Obama decided to announce a series of measures in response to cyber attacks Russia, designed to sow doubts about the fairness of the American electoral process.

In the document the White house provided a list of 35 people deported from the US diplomats, the three private companies and three major leaders of Russian intelligence, where a suspect in the coordinated attacks. Evgeny Bogachev also was charged with “misappropriation of funds and personal data”.

In the world of cybersecurity Bogachev is a famous person. In may 2014 the man with a shaved head, piercing eyes and heavy figure wanted by the FBI. 33-year-old hacker accused of stealing $ 100 million with the help of his botnet GameoverZeuS. In the search documents noted his aliases (Slavik, lucky12345) and offered an unusually high reward: $ 3 million.

Fantomas (he received this nickname for the similarity with the famous criminal mastermind and the ability to escape from his pursuers) hacker of high flight, Creator of “very complicated and incredibly profitable programs,” says made in 2012, the indictment of American justice. Experts in Informatics, including those who had to fight against him, calling him a “genius.”

The disturbing connection

He may be a genius, but given all the above, he was more involved in criminal activities than the cyber warfare the great powers. Nevertheless, many Russians see him as a hero, a kind of nationalist Robin hood, which, however, does not give money to the poor, but chooses only to foreign targets: Australians and Asians in the morning, the day Europeans and Americans in the evening. This is how a well-functioning mechanism of his criminal group’s Business Club.

What message was trying to convey to the American authorities, including Evgeny Bogachev in the political list in the midst of confrontation between USA and Russia?

They have used accusations of cyber espionage to settle scores with the successful thief? They have evidence linking the hacker to the theft of correspondence of the Democratic party? Or, more likely, they wanted to expose the connections between the world of cybercrime and the Russian intelligence services?

To deal with this, take a look at the history of the Business Club. At the peak of its activities between 2011 and 2014, the group managed to infect up to 3 million computers GameoverZeuS, which was aimed at stealing data, primarily banks. This botnet, an improved version used Bogachev 2006 and malware ZeuS, has long seemed unapproachable to even the most discerning experts.

In the system Bogacheva was a command center with infinite branches from the seized computers, which greatly increased the effectiveness of attacks and made tracking nearly impossible.

Malware easily penetrated through the holes in operating systems and antivirus software not slowing down at the same time (which is important) the work of the infected computers. Another achievement of the group was Cryptolocker, one of the first programs that freeze everything on the computer until you receive a “buy.”

Programmer and leader of criminal

The way Bogachev rests not only on the talents of the programmer. This influential criminal leader and lover of luxury yachts and cars turned Business Club in a small Empire, by introducing a system of fees for the group and clearly demarcated areas of its activities.

In Business Club had about fifty members, not including “mules”, who were engaged in the transportation to Russia the stolen money (they went through banks in the Chinese border province of Heilongjiang).

Anyway, in mid-2014 the system GameoverZeuS collapsed. The FBI managed to destroy the network with the support of the police from several countries as well, as well as dozens of private experts on information security.

May 7, 2014 on the apartments in Kiev and Donetsk, was taken served as command centers computers that significantly facilitated the investigation. Operation “Tovar” was successful, but Bogachev disappeared.

Until that moment, he lived with a family and child of the black sea in Anapa, where he had several apartments and a staff: the bodyguard, a Secretary, a maid, a driver… All gone. The obvious connivance of the Russian authorities who failed to cooperate with the investigation and arrest of the offender, despite the international warrant, is alarming. What they promised to the hacker in exchange for a similar attitude? At this moment came the first suspicions about the deal with the Russian state.

Other data indicate that the hackers Club Business was not content merely to steal funds from Bank accounts. In GameoverZeuS was originally laid out and other functionality that allows in particular to record everything you type on the keyboard of the infected computer or collect data stored on it.

According to specializing in cyber security company Fox-IT (in 2015, it released a detailed report on this subject), in 2013-2014 it was used for stealing secret information from the servers of the Ukrainian, Georgian and Turkish security services. As noted by Michael sandy (Michael Sandee) from Fox-IT, espionage was given only one Bogacheva, as some party members were Ukrainians.

Hand Bogacheva

Hacker is agility in the approach to the targets. It “phishing” emails in which the victim and trying to make click on the app or the link, look incredibly believable and fit perfectly into the profile and nationality of the target. These impressive for a simple criminal group features later surfaced in various cases of government espionage.

So, participating in the destruction of the network GameoverZeuS independent expert don Jackson (Don Jackson) sees the hand Bogacheva in smaller-scale attacks against Estonia, Lithuania and Kyrgyzstan. He regretted that such a famous hacker reduces the probability of future capture, however, sees “a clear link” between him and the hacking of the servers of the Democratic party.

The situation is complicated by another point, which the experts there is even more doubt about the origin of attacks: Bogachev always exhibited their creations for sale on the black market in the network. In other words, tools Business Club could use and other hackers.

2015 in the course of other creation Bogacheva, rogue X-Agent, which can be installed on any smartphones. Under the guise of BlackEnergy it was used in particular for political purposes, in particular against the company “Ukrenergo”, which led to disruptions in the supply of Ivano-Frankivsk in December 2015.

Published March 8, WikiLeaks documents the CIA also indicates another point: in the management structure, there was a special Department which deals with using other technologies for their own purposes. In theory, it can conduct offensive operations, leaving the other pointing to the tracks.

Thus, you can’t just make the link between Bogachev and any group of those that the FBI believes is responsible for the burglary of the Democratic party. Even in light of the fact that the hacker used Pro-Kremlin hacker group АРТ28. According to the American authorities, it is subject to GRU and is responsible for the attack on the Bundestag, the channel TV5 Monde, the World anti-doping Agency and working on the crash of flight MH17 in Ukraine, a group of experts. As for АРТ29, she allegedly has ties with the FSB, successor to the KGB.

Intelligence agencies and hackers

Anyway, all experts agree that Bogacheva “the favor” with the authorities, which implies a response service. And it’s hard to imagine that the Russian intelligence services can opt out of the skills of the best hacker of his generation. “Directly or not, he in any case played a role in the development of Russia’s offensive nuclear capabilities,” — says the expert don Jackson.

No one doubts and in cooperation engaged in cybercrime, hackers with the Russian government. This is why suspicions about Bogachev and probably the US decision to mention his name in the official list.

According to Russian expert Andrei Soldatov, “hackers often try to keep a distance, but, it happens that some of them have no choice but to cooperate. A role can also play a financial or Patriotic considerations.”

Russia, of course, not the only state with the tools of cyber attacks and cyber espionage that draw noted in crime hackers for point missions. Anyway, Moscow has gone in this system. In August 2016 Eas7 hacker told Vice News that he collaborated with the FSB in economic espionage. According to her, at least half of all hackers work for government agencies.

Thus, there is no doubt that this “kiberenge where hackers and intelligence services courted each other”, according to BBC journalist Andrew Coulter, American sanctions will only increase the value of the legendary and elusive Fantomas.